1. Purpose

These Mobile Device Management (“MDM”) Terms of Use (“Terms”) govern the use of devices that access [Organization Name] systems, data, and services and are enrolled in [Organization Name]’s MDM solution (“MDM Service”).

By enrolling a device or using a device already enrolled in the MDM Service, you acknowledge that you have read, understand, and agree to these Terms.

2. Scope

These Terms apply to:

• All employees, contractors, volunteers, interns, and other authorized users (“Users”)

• All devices enrolled in the MDM Service, including:

  • Organization-owned devices

  • Personally-owned devices (BYOD), where allowed

These Terms apply to all access to [Organization Name] resources, including but not limited to email, files, applications, and internal systems, whether on-premises or cloud-hosted.

3. Enrollment & Eligibility

3.1 Enrollment Requirement
To access [Organization Name] email, files, and certain applications, your device may be required to be enrolled in the MDM Service.

3.2 Supported Devices
Only supported operating systems and device types defined by [Organization Name] IT may be enrolled. Unsupported or outdated devices may be denied access.

3.3 Revocation of Access
[Organization Name] may deny or revoke enrollment or access at any time for security, compliance, or operational reasons.

4. Data Collected & Privacy

4.1 Information the MDM Service May Collect
Depending on the platform and device type, the MDM Service may collect, store, and process information including (but not limited to):

• Device type, model, operating system, and version

• Device name and serial number

• Installed applications (metadata only, not contents)

• Security status (e.g., encryption, passcode/PIN status, jailbreak/root detection)

• Network information (e.g., IP address, Wi-Fi SSID)

• Compliance status and configuration profiles

• Corporate app and configuration inventory

4.2 Information the MDM Service Does Not Intentionally Collect
Unless explicitly stated as part of a specific program or legal requirement, the MDM Service is not intended to collect:

• Personal photos, personal text messages, or personal email content

• Personal contacts not synchronized with [Organization Name] systems

• Personal documents/files stored only in personal locations

• Personal browsing history outside of corporate apps or managed browsers

4.3 Use of Collected Information
Information collected through the MDM Service may be used to:

• Enforce security policies and maintain compliance

• Protect [Organization Name] systems, data, and users

• Support troubleshooting and device management

• Investigate suspected security incidents or policy violations

4.4 Privacy Expectations for Organization-Owned Devices
Users of organization-owned devices should have no expectation of privacy in the use of those devices. [Organization Name] may access, monitor, inspect, or wipe such devices as needed for business, legal, or security reasons, subject to applicable laws.

4.5 Privacy Expectations for Personally-Owned Devices (BYOD)
For personally-owned devices, [Organization Name] will limit management actions and data collection to what is reasonably necessary to protect organizational data and systems. However, certain actions (such as a selective wipe) may remove organizational data and associated app configurations from the device.

5. Security Requirements

By enrolling a device in the MDM Service, you agree to comply with the following security requirements:

• Maintain a device unlock method (PIN, password, biometric, etc.) meeting [Organization Name]’s minimum security standards

• Enable device encryption where required by policy

• Do not disable or circumvent security controls or configurations applied by the MDM Service

• Keep the device’s operating system and security patches up to date

• Immediately report lost, stolen, or compromised devices to [Organization Name] IT at [IT contact email/phone]

Failure to meet these requirements may result in removal of access or a device being remotely locked or wiped.

6. Monitoring & Management Actions

By enrolling in the MDM Service, you acknowledge and consent that [Organization Name] may perform the following actions, as applicable and permitted by law:

• Enforce configuration and security policies

• Require installation of managed applications or security tools

• Restrict or block access to organizational resources

• Remotely lock the device if lost, stolen, or compromised

• Remotely wipe corporate data or, where necessary, perform a full device wipe (primarily on organization-owned devices)

• Remove the device from management and revoke access

For personally-owned devices, [Organization Name] will make reasonable efforts to perform selective wipes (removing organizational data only) whenever possible. However, in certain cases (e.g., technical limitations, severe security risk), a full device wipe may be necessary.

7. Acceptable Use

When using an MDM-enrolled device to access [Organization Name] resources, you agree to:

• Use organizational data and systems only for lawful and authorized purposes

• Comply with all applicable [Organization Name] policies (e.g., Acceptable Use, Confidentiality, Privacy, Code of Conduct)

• Avoid any activity that could reasonably be expected to harm [Organization Name], its systems, or its reputation

Prohibited activities include, but are not limited to:

• Attempting to bypass, disable, or tamper with MDM controls or security tools

• Installing or using unauthorized software that may compromise security

• Sharing your account credentials or allowing others to access your corporate account on your device

• Storing or transferring sensitive organizational data in unapproved locations or apps

8. Lost, Stolen, or Compromised Devices

If an MDM-enrolled device is lost, stolen, or suspected to be compromised:

1. You must immediately notify [Organization Name] IT at [IT contact email/phone].

2. [Organization Name] may:

   • Remotely lock the device

   • Attempt to locate the device (if supported)

   • Remotely wipe organizational data or fully wipe the device

   • Temporarily or permanently revoke access

9. Employment / Engagement Relationship

These Terms do not alter the at-will employment relationship (if applicable) or any terms of contracts or engagement. Violations of these Terms may result in:

• Disciplinary action up to and including termination of employment or engagement

• Revocation of access to [Organization Name] systems and resources

• Other actions as permitted by law and organizational policy

10. Removal from MDM & Device Retirement

When you leave [Organization Name] or when an enrolled device is replaced or no longer used for work:

• Your device may be remotely removed from the MDM Service

• Organizational data and applications may be removed or rendered inaccessible

• You remain responsible for ensuring that any local copies of organizational data are securely deleted or returned as required

11. Changes to These Terms

[Organization Name] may update these Terms from time to time. Material changes will be communicated via email, intranet, or other suitable channels.

Continued use of an MDM-enrolled device to access [Organization Name] resources after changes take effect constitutes acceptance of the updated Terms.

12. Acknowledgment & Consent

By enrolling your device in the MDM Service or by using an already-enrolled device to access [Organization Name] resources, you acknowledge and agree that:

• You have read and understood these Terms

• You consent to the collection, use, and processing of device and usage data as described

• You consent to the application of security policies, monitoring, and potential remote actions (including lock and wipe) as described

• You will comply with all [Organization Name] policies applicable to the use of organizational systems and data

If you do not agree to these Terms, you must not enroll your device or must immediately request removal of your device from the MDM Service and discontinue access to [Organization Name] resources from that device.